From 2470e654c4464eb67b71fa650ad39c98665643e1 Mon Sep 17 00:00:00 2001 From: Benson Chu Date: Sat, 30 Dec 2023 16:34:21 -0600 Subject: [PATCH] Clean up generic configuration --- common/configuration.nix | 19 ++----------------- common/lxd-setup.nix | 10 +++++----- 2 files changed, 7 insertions(+), 22 deletions(-) diff --git a/common/configuration.nix b/common/configuration.nix index 581b861..07566fc 100644 --- a/common/configuration.nix +++ b/common/configuration.nix @@ -9,7 +9,6 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - # networking.hostName = "NixFrame"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # Configure network proxy if necessary @@ -49,17 +48,13 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; + jack.enable = true; # use the example session manager (no others are packaged yet so this is enabled by default, # no need to redefine it in your config for now) - #media-session.enable = true; + # media-session.enable = true; }; - # Enable touchpad support (enabled default in most desktopManager). - # services.xserver.libinput.enable = true; - fonts = { packages = with pkgs; [ roboto-mono @@ -71,13 +66,6 @@ # Allow unfree packages nixpkgs.config.allowUnfree = true; - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - # wget - # ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; 
@@ -88,9 +76,6 @@ # List services that you want to enable: - # Enable the OpenSSH daemon. - # services.openssh.enable = true; - # Open ports in the firewall. # networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/common/lxd-setup.nix b/common/lxd-setup.nix index 9cbb3e7..db09419 100644 --- a/common/lxd-setup.nix +++ b/common/lxd-setup.nix @@ -43,16 +43,16 @@ # Firewall commands allowing traffic to go in and out of the bridge interface # (and to the guest LXD instance). Also sets up the actual NAT masquerade rule. networking.firewall.extraCommands = '' - iptables -A INPUT -i lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT + iptables -A INPUT -i lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT # These three technically aren't needed, since by default the FORWARD and # OUTPUT firewalls accept everything everything, but lets keep them in just # in case. - iptables -A FORWARD -o lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT - iptables -A FORWARD -i lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT - iptables -A OUTPUT -o lxdbr0 -m comment --comment "my rule for LXD network lxdbr0" -j ACCEPT + iptables -A FORWARD -o lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT + iptables -A FORWARD -i lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT + iptables -A OUTPUT -o lxdbr0 -m comment --comment "LXD network lxdbr0" -j ACCEPT - iptables -t nat -A POSTROUTING -s 10.130.43.1/24 ! -d 10.130.43.1/24 -m comment --comment "my rule for LXD network lxdbr0" -j MASQUERADE + iptables -t nat -A POSTROUTING -s 10.130.43.1/24 ! -d 10.130.43.1/24 -m comment --comment "LXD network lxdbr0" -j MASQUERADE ''; # ip forwarding is needed for NAT'ing to work.
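Review bot: The `iptables -A INPUT -i lxdbr0 ... -j ACCEPT` rule on the new side of the lxd-setup.nix hunk lets every LXD guest reach every service listening on the host, which is wider than the DHCP and DNS access a managed bridge normally needs. If the guests are less trusted than the host, narrow it, e.g. `iptables -A INPUT -i lxdbr0 -p udp -m multiport --dports 53,67 -j ACCEPT` and `iptables -A INPUT -i lxdbr0 -p tcp --dport 53 -j ACCEPT`. All five rules are appended with `-A` to built-in chains, so unless matching `-D` lines exist in `networking.firewall.extraStopCommands` outside this hunk, they will probably accumulate as duplicates each time the firewall is reloaded. The MASQUERADE rule also writes the network as `10.130.43.1/24`; `10.130.43.0/24` would state the intended subnet more clearly.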